CVE-2021-31808
Published: 2021-05-27
Priority: P3 · 37 · medium · CVSS 3.1: 6.5 · AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 5.49% (91.8th percentile)
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
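The description above is a single sentence, so the following is an added illustration, written for this page, of the input-validation class that the Red Hat entry below labels as an integer overflow in HTTP Range handling (CWE-190). It is not Squid's parser and does not reproduce the Squid bug: it is a strict byte-range parser that bounds every client-supplied offset before any arithmetic is done on it, and rejects inverted, empty-suffix, unsatisfiable and excessively long range lists. MAX_RANGES, MAX_OFFSET, MAX_DIGITS and the RangeError type are assumptions made for the example, not Squid settings. It is not a substitute for upgrading to the fixed versions in the Affected table.

```python
"""Strict HTTP Range (byte-ranges, RFC 7233) parser with explicit bounds.

Added illustration for this page: NOT Squid's parser and not a reproduction
of CVE-2021-31808. It shows the checks that keep attacker-chosen offsets from
wrapping (CWE-190) or resolving to an inverted or oversized range.
"""
import re

# Assumed limits for this example (not Squid configuration values).
MAX_RANGES = 16                 # cap on range-specs per header
MAX_OFFSET = 2**63 - 1          # largest offset a signed 64-bit length can hold
MAX_DIGITS = 20                 # refuse absurd digit strings before int() sees them

_SPEC = re.compile(r"^(\d*)-(\d*)$")


class RangeError(ValueError):
    """Raised for any header this parser refuses."""


def _offset(text: str) -> int:
    # Python ints do not overflow, so the bound is enforced explicitly; a
    # C/C++ parser that skipped this check is where a wrap-around would occur.
    if len(text) > MAX_DIGITS:
        raise RangeError("offset has too many digits")
    value = int(text)
    if value > MAX_OFFSET:
        raise RangeError("offset exceeds MAX_OFFSET")
    return value


def parse_range(header: str, content_length: int) -> list[tuple[int, int]]:
    """Resolve a Range header to [(first, last), ...] or raise RangeError.

    Accepts only the 'bytes' unit and at most MAX_RANGES specs, bounds every
    offset by MAX_OFFSET, clamps 'last' to the body, and rejects inverted,
    zero-length-suffix and unsatisfiable ranges.
    """
    if not 0 < content_length <= MAX_OFFSET:
        raise RangeError("no satisfiable body length")
    unit, sep, specs = header.partition("=")
    if sep != "=" or unit.strip().lower() != "bytes":
        raise RangeError("unsupported range unit")
    parts = [p.strip() for p in specs.split(",")]
    if len(parts) > MAX_RANGES:
        raise RangeError("too many range-specs")
    resolved = []
    for part in parts:
        m = _SPEC.match(part)
        if not m or m.group(1) == m.group(2) == "":
            raise RangeError(f"malformed range-spec {part!r}")
        first_s, last_s = m.groups()
        if first_s == "":                       # suffix form '-N': last N bytes
            suffix = _offset(last_s)
            if suffix == 0:
                raise RangeError("zero-length suffix range")
            first, last = max(0, content_length - suffix), content_length - 1
        else:                                   # 'first-' or 'first-last'
            first = _offset(first_s)
            if first >= content_length:
                raise RangeError("range not satisfiable")
            last = content_length - 1
            if last_s != "":
                last = min(_offset(last_s), last)
            if last < first:
                raise RangeError("inverted range")
        resolved.append((first, last))
    return resolved


def is_valid_range(header: str, content_length: int) -> bool:
    """Boolean wrapper suitable for a front-end filter."""
    try:
        parse_range(header, content_length)
        return True
    except RangeError:
        return False


if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    samples = [
        "bytes=0-99",
        "bytes=-100",
        "bytes=500-",
        "bytes=0-99,200-299",
        "bytes=99-0",
        "bytes=18446744073709551616-",   # 2**64: would wrap a uint64 counter
        "bytes=-0",
    ]
    for s in samples:
        print(f"{s:40} -> {'ok' if is_valid_range(s, 1000) else 'rejected'}")
```

The point of `_offset` is that the bound is checked on the decimal string and the parsed value before the offset takes part in any subtraction or addition; a parser that computes `last - first + 1` or `content_length - suffix` first and validates afterwards has already done the arithmetic that can wrap in a fixed-width integer.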
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | squid | < squid 4.13-10 (bookworm) | squid 4.13-10 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| squid-cache | squid | < 4.15 | 4.15 |
| squid-cache | squid | >= 5.0 < 5.0.6 | 5.0.6 |
| squid | squid | >= 0 < 4.13-10 | 4.13-10 |
| squid | squid | >= 0 < 4.13-10 | 4.13-10 |
| squid | squid | >= 0 < 4.13-10 | 4.13-10 |
| squid | squid | >= 0 < 4.13-10 | 4.13-10 |
| squid | squid | >= 0 < 4.10-1ubuntu1.4 | 4.10-1ubuntu1.4 |
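A small checker, added here as an example (not Squid's or any distribution's tooling), that evaluates a version string against the ranges in the table above. The AFFECTED map transcribes the table. version_key is a simplified dpkg-style comparison (numbers compared numerically, letter runs lexically) that is sufficient for the release strings on this page; it does not model dpkg's pre-release `~` ordering or epochs. parse_banner assumes the `squid -v` banner contains "Version <x.y.z>" (for example "Squid Cache: Version 4.13"); that format and the subprocess call in check_installed are assumptions, and the sample banner in the demo is constructed, not captured from a host.

```python
"""Check a Squid version against the affected ranges listed on this page.

Added example, not Squid's or any distribution's tooling. AFFECTED transcribes
the Affected table; version_key is a simplified dpkg-style comparison that is
sufficient for the release strings on this page, not a full implementation.
"""
import re
import subprocess

# Per source: (introduced inclusive, or None for "all earlier"; fixed exclusive).
AFFECTED = {
    "upstream": [(None, "4.15"), ("5.0", "5.0.6")],
    "debian":   [(None, "4.13-10")],
    "ubuntu":   [(None, "4.10-1ubuntu1.4")],
}

_TOKEN = re.compile(r"\d+|[A-Za-z]+")


def version_key(version: str) -> tuple:
    """Tokenise into comparable chunks: digit runs compare numerically, letter
    runs lexically; '.', '-' and '+' only separate. Pre-release '~' is not modelled."""
    key = []
    for tok in _TOKEN.findall(version):
        if tok.isdigit():
            key.append((1, int(tok), ""))
        else:
            key.append((2, 0, tok))
    return tuple(key)


def is_affected(version: str, source: str = "upstream") -> bool:
    """True if version falls inside any affected range for the given source."""
    key = version_key(version)
    for introduced, fixed in AFFECTED[source]:
        above_floor = introduced is None or key >= version_key(introduced)
        if above_floor and key < version_key(fixed):
            return True
    return False


def parse_banner(text: str) -> str:
    """Extract the version from 'squid -v' output (assumed to contain
    'Version <x.y.z>', e.g. 'Squid Cache: Version 4.13')."""
    m = re.search(r"Version\s+(\S+)", text)
    if not m:
        raise ValueError("no Squid version found in banner")
    return m.group(1)


def check_installed(source: str = "upstream") -> tuple[str, bool]:
    """Run the local squid binary and classify it (needs squid on PATH)."""
    out = subprocess.run(["squid", "-v"], capture_output=True,
                         text=True, check=True).stdout
    version = parse_banner(out)
    return version, is_affected(version, source)


if __name__ == "__main__":
    # Constructed banner, not output captured from a real host.
    banner = "Squid Cache: Version 4.13\nService Name: squid\n"
    v = parse_banner(banner)
    print(f"upstream {v:18}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for ver, src in [("4.13-9", "debian"), ("4.13-10", "debian"),
                     ("4.10-1ubuntu1.3", "ubuntu"), ("5.0.6", "upstream")]:
        print(f"{src:8} {ver:18}: {'AFFECTED' if is_affected(ver, src) else 'fixed'}")
```

Use the right source for the string you have: the `squid -v` banner reports the upstream version without the packaging revision, so a Debian or Ubuntu host that prints "Version 4.13" looks affected against the upstream 4.15 floor even when the package is already at the backported fix (4.13-10 or 4.10-1ubuntu1.4). For distribution packages compare the package version (for example from `dpkg-query -W -f='${Version}' squid`) against the "debian" or "ubuntu" ranges instead.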
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |

The two 7.5 HIGH entries are the score attached to the Ubuntu advisory bundle headed by CVE-2021-28651 (the OSV and Ubuntu entries below), not a rating of this CVE on its own; every score on this page that is specific to CVE-2021-31808 (NVD v3.1, Debian, Red Hat) is 6.5 MEDIUM.
GHSA
GHSA-hx5h-cw5j-ghcr · ghsa_unreviewed · 2022-05-24 · CVE-2021-31808 [MEDIUM] · CWE-190
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
OSV
squid, squid3 vulnerabilities · osv · 2021-06-03 · CVSS 7.5 · CVE-2021-28651 [HIGH]
Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. (CVE-2021-28651)

Joshua Rogers discovered that Squid incorrectly handled requests to the Cache Manager API. A remote attacker with access privileges could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-28652)

Joshua Rogers discovered that Squid incorrectly handled certain response headers. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was only affect
OSV
CVE-2021-31808 · osv · 2021-05-27 · CVSS 6.5 · [MEDIUM]
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
Ubuntu
Squid vulnerabilities · vendor_ubuntu · 2021-06-03 · CVSS 7.5 · CVE-2021-28651 [HIGH]
Summary: Several security issues were fixed in Squid. The advisory text is the same as in the OSV entry above.
Red Hat
squid: integer overflow in HTTP Range header · vendor_redhat · 2021-05-10 · CVSS 6.5 · CVE-2021-31808 [MEDIUM] · CWE-190
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
An integer overflow flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability.
Statement: This issue has been rated as having a security impact of Moderate. At this stage in their life, Red Hat Enterprise Linux 6 and 7 only accept Important and Critical Security Advisories (RHSAs) and this flaw does not meet these criteria. For additional information, refer to the Red Hat Enterprise L
Debian
squid · vendor_debian · 2021 · CVSS 6.5 · CVE-2021-31808 [MEDIUM]
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
Scope: local
bookworm: resolved (fixed in 4.13-10)
bullseye: resolved (fixed in 4.13-10)
forky: resolved (fixed in 4.13-10)
sid: resolved (fixed in 4.13-10)
trixie: resolved (fixed in 4.13-10)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://seclists.org/fulldisclosure/2023/Oct/14
http://www.openwall.com/lists/oss-security/2023/10/11/3
http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
https://security.netapp.com/advisory/ntap-20210716-0007/
https://www.debian.org/security/2021/dsa-4924